Rewterz Threat Alert – MuddyWater APT – Active IOCs - Rewterz
Common Information
Type Value
UUID a46d319d-805a-44f7-80bf-1b03d3fbc30c
Fingerprint 288801d9aec7774d
Analysis status DONE
Considered CTI value 2
Text language
Published March 11, 2022, 3:16 p.m.
Added to db Dec. 19, 2024, 6:06 p.m.
Last updated Dec. 21, 2024, 5:01 a.m.
Headline Rewterz Threat Alert – MuddyWater APT – Active IOCs
Title Rewterz Threat Alert – MuddyWater APT – Active IOCs - Rewterz
Detected Hints/Tags/Attributes 47/2/46
Attributes
Details Type #Events CTI Value
Details CVE 5 cve-2022-0022
Details Domain 3 lalindustries.com
Details Domain 9 canarytokens.com
Details Domain 4 advanceorthocenter.com
Details md5 2 5f71191ca2aff4738d9ca86e884e9afa
Details md5 2 b3504546810e78304e879df76d4eec46
Details md5 3 6cef87a6ffb254bfeb61372d24e1970a
Details md5 3 b0ab12a5a4c232c902cdeba421872c37
Details md5 2 e182a861616a9f12bc79988e6a4186af
Details md5 2 bb9872bb18840b7e8a887b3be3b621c6
Details md5 2 72e371542ad6fda96bb3fc3b1ee68d92
Details sha1 2 fa73bee345b6f5d214917b5425bb2a6bd9b45de7
Details sha1 2 d02d93b707ac999fde0545792870a2b82dc3a238
Details sha1 3 e21d95b648944ad2287c6bc01fcc12b05530e455
Details sha1 3 a8e7659942cc19f422678181ee23297efa55fa09
Details sha1 2 69840d4c4755cdab01527eacbb48577d973f7157
Details sha1 2 4e68e6daf702c6f8f2a7aed3fb23169f331fd47c
Details sha1 2 3f37ca0db6442743e34768e44450752637930523
Details sha256 3 fb69c821f14cb0d89d3df9eef2af2d87625f333535eb1552b0fcd1caba38281f
Details sha256 4 f10471e15c6b971092377c524a0622edf4525acee42f4b61e732f342ea7c0df0
Details sha256 5 4b2862a1665a62706f88304406b071a5c9a6b3093daadc073e174ac6d493f26c
Details sha256 5 026868713d60e6790f41dc7046deb4e6795825faa903113d2f22b644f0d21141
Details sha256 4 c2badcdfa9b7ece00f245990bb85fb6645c05b155b77deaf2bb7a2a0aacbe49e
Details sha256 3 6e50e65114131d6529e8a799ff660be0fc5e88ec882a116f5a60a2279883e9c4
Details sha256 3 ef385ed64f795e106d17c0a53dfb398f774a555a9e287714d327bf3987364c1b
Details IPv4 3 95.181.161.81
Details IPv4 2 185.183.97.25
Details IPv4 6 178.32.30.3
Details IPv4 7 88.119.170.124
Details IPv4 8 5.199.133.149
Details IPv4 4 185.118.164.195
Details IPv4 4 172.245.81.135
Details Threat Actor Identifier - FIN 445 FIN7
Details Url 2 http://lalindustries.com/wp-content/upgrade/editor.php
Details Url 2 http://advanceorthocenter.com/wp-includes/editor.php
Details Url 2 http://95.181.161.81:443/main.exe
Details Url 2 http://95.181.161.81/mm57aayn230
Details Url 2 http://95.181.161.81/i100dfknzphd5k
Details Url 2 http://88.119.170.124/lcekcnkxkbllmwlpoklgof
Details Url 2 http://88.119.170.124/ezedcjrfvjriftmldedu
Details Url 2 http://5.199.133.149/oeajgyxyxclqmfqayv
Details Url 2 http://5.199.133.149/jznkmustntblvmdvgcwbvqb
Details Url 2 http://185.183.97.25/protocol/function.php
Details Url 2 http://185.118.164.195/c
Details Url 1 http://178.32.30.3
Details Url 1 http://172.245.81.135